From owner-freebsd-bugs Thu Nov 14 08:00:11 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id IAA28884 for bugs-outgoing; Thu, 14 Nov 1996 08:00:11 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id IAA28857; Thu, 14 Nov 1996 08:00:08 -0800 (PST)
Date: Thu, 14 Nov 1996 08:00:08 -0800 (PST)
Message-Id: <199611141600.IAA28857@freefall.freebsd.org>
To: freebsd-bugs
Cc:
From: Garrett Wollman
Subject: bin/2008: kerberos tickets from login all have the same name
Reply-To: Garrett Wollman
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR bin/2008; it has been noted by GNATS.

From: Garrett Wollman
To: ccsanady@friley216.res.iastate.edu
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: bin/2008: kerberos tickets from login all have the same name
Date: Thu, 14 Nov 1996 10:49:19 -0500

< said:

> By default, login stores your kerberos tickets in /tmp/tkt_uid. If you are
> logged on to the same machine multiple times, it will use the same ticket. It
> is generally good practice to put a kdestroy in your .logout (or the default.)

Not everybody uses csh. Some people use real shells.

> If you do this, logging out of any of your sessions will mean you have no
> tickets in the others.

This is a feature, not a bug. I have a machine sitting on a table
next to my desk upon which I occasionally need authentication. I can
securely log in on its console to get a TGT and then use my xterm
window to perform the real work.

More significantly, the Kerberized NFS client depends on being able to
find a unique ticket file for each UID logged in. Your proposed
reversion (back to the way MIT Kerberos v4 worked) breaks this.

(The MIT way of doing authenticated NFS used a separate program called
`fsauth' which would contact an RPC service on the NFS server and
exchange authentication that way, which would then allow any requests
from that client for that particular UID until the expiration date of
the ticket.)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, ANA, or NSA|     - Susan Aglukark and Chad Irschick